List all AWS CloudHSM users using KMU
Use the listUsers command in the AWS CloudHSM key_mgmt_util to get the users in the hardware security modules (HSMs), along with their user type and other attributes.
In key_mgmt_util, listUsers returns output that represents all HSMs in the cluster, even if they are not consistent. To get information about the users in each HSM, use the listUsers command in cloudhsm_mgmt_util.
The user commands in key_mgmt_util, listUsers and getKeyInfo, are read-only commands that crypto users (CUs) have permission to run. The remaining user management commands are part of cloudhsm_mgmt_util. They are run by crypto officers (COs) who have user management permissions.
Before you run any key_mgmt_util command, you must start key_mgmt_util and log in to the HSM as a crypto user (CU).
Syntax
listUsers
listUsers -h
Example
This command lists the users of HSMs in the cluster and their attributes. You can use the User ID attribute to identify users in other commands, such as findKey, getAttribute, and getKeyInfo.
Command: listUsers

Number Of Users found 4

Index    User ID    User Type    User Name    MofnPubKey    LoginFailureCnt    2FA
1        1          PCO          admin        NO            0                  NO
2        2          AU           app_user     NO            0                  NO
3        3          CU           alice        YES           0                  NO
4        4          CU           bob          NO            0                  NO
5        5          CU           trent        YES           0                  NO

Cfm3ListUsers returned: 0x00 : HSM Return: SUCCESS
The output includes the following user attributes:
- User ID: Identifies the user in key_mgmt_util and cloudhsm_mgmt_util commands.
- User type: Determines the operations that the user can perform on the HSM.
- User Name: Displays the user-defined friendly name for the user.
- MofnPubKey: Indicates whether the user has registered a key pair for signing quorum authentication tokens.
- LoginFailureCnt: Indicates the number of times the user has unsuccessfully logged in.
- 2FA: Indicates whether the user has enabled multi-factor authentication.
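An added example, not part of the AWS documentation: a Python parser for captured listUsers output in the format shown above, with checks based on the LoginFailureCnt and 2FA attributes. The function names, the audit policy (no failed logins, 2FA on every user) and the sample text are assumptions; the sample is constructed from the page's example with one LoginFailureCnt value changed.

```python
import re

# Constructed sample: the page's example output with bob's LoginFailureCnt set to 3.
SAMPLE = """\
Command: listUsers
Number Of Users found 4
Index User ID User Type User Name MofnPubKey LoginFailureCnt 2FA
1 1 PCO admin NO 0 NO
2 2 AU app_user NO 0 NO
3 3 CU alice YES 0 NO
4 4 CU bob NO 3 NO
5 5 CU trent YES 0 NO
Cfm3ListUsers returned: 0x00 : HSM Return: SUCCESS
"""

# Assumption: user names contain no whitespace; column spacing may vary.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(YES|NO)\s+(\d+)\s+(YES|NO)\s*$")
COUNT = re.compile(r"Number Of Users found\s+(\d+)")

def parse_list_users(text):
    """Return (reported_count, users) parsed from captured listUsers output."""
    reported, users = None, []
    for line in text.splitlines():
        m = COUNT.search(line)
        if m:
            reported = int(m.group(1))
        m = ROW.match(line)
        if m:
            _, uid, utype, name, mofn, fails, twofa = m.groups()
            users.append({"user_id": int(uid), "type": utype, "name": name,
                          "mofn_pub_key": mofn == "YES",
                          "login_failures": int(fails), "2fa": twofa == "YES"})
    return reported, users

def audit(text, max_failures=0):
    """Return findings under the assumed policy; reject output without SUCCESS."""
    reported, users = parse_list_users(text)
    if "HSM Return: SUCCESS" not in text:
        raise ValueError("listUsers did not report SUCCESS; refusing to audit")
    findings = []
    if reported is not None and reported != len(users):
        findings.append(f"header reports {reported} users, parsed {len(users)} rows")
    for u in users:
        who = f"{u['name']} (ID {u['user_id']}, {u['type']})"
        if u["login_failures"] > max_failures:
            findings.append(f"{who}: {u['login_failures']} failed logins")
        if not u["2fa"]:
            findings.append(f"{who}: 2FA not enabled")
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the header count not matching the parsed rows, one for bob's failed logins, and one per user without 2FA.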
Parameters
- -h
  Displays help for the command.
  Required: Yes
Related topics
listUsers in cloudhsm_mgmt_util